asyncrat | cbb4a905efad9fff8c83e66f166d31875e3c87afa431210f9da5b3b0ed0aeaba | Triage

Sharing

General

Target

d9e83a990c7bd74e6e595db61ef7722e_JaffaCakes118
Size

583KB
Sample

241209-q23c5svjap
MD5

d9e83a990c7bd74e6e595db61ef7722e
SHA1

5adf69d2566baa09176cbed0ea5b251f4364ade8
SHA256

cbb4a905efad9fff8c83e66f166d31875e3c87afa431210f9da5b3b0ed0aeaba
SHA512

1032fe4f94e556add89d009fac6294df79976d769a65fd93f5815b8bb62bb02ef4df93976fae08b86e11a88e4f037f0acde2df8bd1e374ae6ea7fb88f5d2d5cb
SSDEEP

12288:FrAe2iNeHK7zYjuVnWyBk5jQbNWsF3SGOL8B/wn:FrX1bJRsxGbon

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

127.0.0.1:2245

127.0.0.1:2256

fresh01.ddns.net:2245

fresh01.ddns.net:2256

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Targets

- Target
  
  d9e83a990c7bd74e6e595db61ef7722e_JaffaCakes118
- Size
  
  583KB
- MD5
  
  d9e83a990c7bd74e6e595db61ef7722e
- SHA1
  
  5adf69d2566baa09176cbed0ea5b251f4364ade8
- SHA256
  
  cbb4a905efad9fff8c83e66f166d31875e3c87afa431210f9da5b3b0ed0aeaba
- SHA512
  
  1032fe4f94e556add89d009fac6294df79976d769a65fd93f5815b8bb62bb02ef4df93976fae08b86e11a88e4f037f0acde2df8bd1e374ae6ea7fb88f5d2d5cb
- SSDEEP
  
  12288:FrAe2iNeHK7zYjuVnWyBk5jQbNWsF3SGOL8B/wn:FrX1bJRsxGbon
Score

10^/10

asyncrat default discovery rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Asyncrat family
  asyncrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultdiscoveryrat

behavioral2

asyncratdefaultdiscoveryrat